Threat Research

FortiGuard Labs Discovers Three Vulnerabilities in Siemens’ Teamcenter Solutions

By Yonghui Han | July 18, 2022

In early 2022, I discovered and reported three zero-day vulnerabilities in Siemens JT2Go and Teamcenter Visualization to the Siemens Product CERT team. On Tuesday, July 12, 2022, Siemens and Open Design Alliance respectively released security patches(1 & 2) that addressed these vulnerabilities.

These vulnerabilities are identified as CVE-2022-28807, CVE-2022-28808, and CVE-2022-28809. They have been assigned a severity rating of Important.

Each of these vulnerabilities has a different root cause related to Open Design Alliance Drawings SDK affecting Siemens JT2Go and Teamcenter Visualization via a DWG file format. We suggest users apply the Siemens patches as soon as possible. In addition, Fortinet IPS has been protecting customers against these zero day threats since their discovery.

Affected platforms: Windows

Impacted parties: Users of Siemens JT2Go, versions earlier than V13.3.0.5

Users of Siemens Teamcenter Visualization, versions V12.4

Users of Siemens Teamcenter Visualization, versions V13.2

Users of Siemens Teamcenter Visualization, versions earlier than V13.3.0.5

Users of Siemens Teamcenter Visualization, versions V14.0

Users of Open Design Alliance Drawings SDK, versions earlier than 2023.3

Impact: Multiple vulnerabilities leading to application crashing or information disclosure

Severity level: Important 

The Vulnerabilities

Following are some of the basic details for these vulnerabilities. More detailed information can be found for each vulnerability on the related Fortinet Zero Day Advisory pages, which can be accessed by clicking on the CVE links, below: 

CVE-2022-28807

A Memory Corruption vulnerability exists in the decoding of AutoCAD Drawing ‘DWG’ files in Open Design Alliance Drawings SDK. It affects the Siemens JT2Go and Teamcenter Visualization solutions. Specifically, the vulnerability is caused by a malformed DWG file, which causes an out of bounds memory read due to an improper bounds check. 

Attackers can exploit this vulnerability to leak memory information within the context of the application via a crafted DWG file.

Fortinet previously released IPS signature Siemens.Drawings.SDK.CVE-2022-28807.Out-of-bounds.Read for this specific vulnerability to proactively protect our customers.

CVE-2022-28808

A Memory Corruption vulnerability exists in the decoding of AutoCAD Drawing ‘DWG’ files in Open Design Alliance Drawings SDK. It affects Siemens JT2Go and Teamcenter Visualization solutions. Specifically, this vulnerability is caused by a malformed DWG file, which causes an out of bounds memory read due to an improper bounds check. 

Attackers can exploit this vulnerability to leak memory information within the context of the application via a crafted DWG file.

Fortinet previously released IPS signature Siemens.Drawings.SDK.CVE-2022-28808.Out-of-bounds.Read for this specific vulnerability to proactively protect our customers.

CVE-2022-28809

A Memory Corruption vulnerability exists in the decoding of AutoCAD Drawing ‘DWG’ files in Open Design Alliance Drawings SDK. It affects Siemens JT2Go and Teamcenter Visualization solutions. Specifically, the vulnerability is caused by a malformed DWG file, which causes an out of bounds memory read due to an improper bounds check. 

Attackers can exploit this vulnerability to leak memory information within the context of the application via a crafted DWG file.

Fortinet previously released IPS signature Siemens.Drawings.SDK.CVE-2022-28809.Out-of-bounds.Read for this specific vulnerability to proactively protect our customers.

Fortinet Protections

Fortinet IPS customers are protected with the following signatures, which were previously released for these vulnerabilities:

  • Siemens.Drawings.SDK.CVE-2022-28807.Out-of-bounds.Read
  • Siemens.Drawings.SDK.CVE-2022-28808.Out-of-bounds.Read
  • Siemens.Drawings.SDK.CVE-2022-28809.Out-of-bounds.Read

In addition, FortiEDR detects and prevents the exploitation of these vulnerabilities.

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.